package com.zbf.qunxian;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.zbf.common.ResponseResult;
import com.zbf.common.ResultStatus;
import com.zbf.common.SysInfo;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletResponse;

/**
 * @author: LCG
 * 作者: LCG
 * 日期: 2021/6/3  17:20
 * 描述:
 */
@Aspect
@Component
public class QuanXianAop {

    @Autowired
    private RedisTemplate<String,String> redisTemplate;


    @Pointcut("execution(public * com.zbf.web.*.*(..))")
    public void pointCut(){};



    @Around("pointCut() && @annotation(com.zbf.qunxian.QuanXian)")
    public Object processHadnler(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {

        MethodSignature signature = (MethodSignature)proceedingJoinPoint.getSignature();
        QuanXian annotation = signature.getMethod().getAnnotation(QuanXian.class);

        //如果没有QuanXian标识说明是不需要进行权限验证的
        if(annotation==null){
            //通过切面
            return proceedingJoinPoint.proceed();
        }else{
            //进行权限认证
            String value = annotation.value();
            //获取请求的上下文
            ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
            Object attribute = requestAttributes.getRequest().getSession().getAttribute(SysInfo.userInfo);
            JSONObject jsonObject = JSON.parseObject(attribute.toString());

            Object id = jsonObject.get("id");
            //判断是否有权限
            Boolean aBoolean = redisTemplate.opsForHash().hasKey(SysInfo.userQuanXian + id, value);

            if(aBoolean){
                //有权限通过AOP切面
                return proceedingJoinPoint.proceed();
            }else{
                HttpServletResponse response = requestAttributes.getResponse();
                //设置响应头信息
                response.setHeader("Access-Control-Allow-Credentials","true");
                response.setHeader("Access-Control-Allow-Headers","Origin,X-Requested-With,Content-Type,Accept");
                response.setHeader("Access-Control-Allow-Methods","GET,PUT,POST,DELETE,OPTIONS");
                response.setHeader("Access-Control-Allow-Origin","http://localhost:8888");
                //防止乱码
                response.setCharacterEncoding("utf-8");
                ResponseResult responseResult = ResponseResult.getResponseResult()
                        .setCode(ResultStatus.AUTH_NO_AUTH.getCode())
                        .setMsg(ResultStatus.AUTH_NO_AUTH.getMsg());
                //写回错误信息
                response.getWriter().append(JSON.toJSONString(responseResult));
                return null;

            }
        }
    }

}
